70-290-chapter01


Chapter 1: Networking Overview

Guide to MCSE 70-290, Enhanced

Chapter 1: Introduction to Windows Server 2003

Objectives

After reading the chapter and completing the exercises, students should be able to:

Differentiate between the different editions of Windows Server 2003

Explain Windows Server 2003 network models and server roles

Identify concepts relating to Windows Server 2003 network management and maintenance

Explain Windows Server 2003 Active Directory concepts

Teaching Tips

Windows Server 2003 Editions

1. Provide an overview of the four editions that are available to consumers. Cite the advantages and possible disadvantages of each. Try giving multiple situations or scenarios to the class and have them discuss which version might be best for the given situation.

2. It might be useful to have students research on the Internet different retail sites in order to find out where the editions of the server software are available for purchase. Many students may not know where to obtain such software. Direct them to a few popular sources. Also, have them take note of what the retail software dealers advertise for each of the editions of the Windows Server 2003 operating system. Maybe there were features, considered by the retailer to be important selling points, which were not given much attention in this text.

Standard Edition

1. Note that this edition is the most popular because it meets the everyday computing needs of most small to medium organizations and can function as a departmental server in larger environments. Point out that this is the logical upgrade path for companies currently running Windows 2000 Server.

2. Note that this edition is often used as a departmental file, print, or application server.

3. Go over the features that are present in this edition of the network operating system. Point out that this edition can be used as a domain controller but that it does not support the Itanium platform or clustering.

Enterprise Edition

1. Make sure it is clear that this edition is geared for larger corporations or medium organizations with mission-critical applications that require more features or performance than those available in the Standard Edition.

2. Point out some of the differences between the Standard and Enterprise Editions, particularly that the Enterprise Edition provides Itanium support and 8-way clustering, can scale to 8 processors, and supports more RAM.

Datacenter Edition

1. One should make it clear that although this edition offers the highest levels of availability and reliability to mission-critical applications over all other editions, this functionality comes at a cost. It is best suited for large database and transaction processing systems.

2. Note that Datacenter Edition can only be obtained from original equipment manufacturers (OEMs).

3. Point out the major distinctions of this edition: 8 to 64 processors are possible, and up to 512 GB RAM.

Web Edition

1. Make sure that students understand that they cannot purchase this lower-cost version of the server software and expect all of the features of any of the higher-cost editions. Make sure they understand that this software is meant as a Web server only and cannot be used for such things as a domain controller.

2. Go through the list of services and features that are and are not supported by this edition.

Activity 1-1: Determining the Windows Server 2003 Edition Installed on a Server

1. This activity involves determining which edition of Windows Server 2003 is currently installed on a computer system. Remind the students that different editions have different features and may have different requirements for servicing. Therefore, this is an important activity. Network administrators should always check what version of an operating system a computer is running before attempting to service it.

Windows Networking Concepts Overview

1. Explain to students that all network administrators need to be familiar with the two security models that can be implemented with Windows Server 2003. Be sure to note that almost all larger organizations use the domain model but that the workgroup model is often used in smaller organizations.

2. In addition to security models, there are three major roles that Windows Server 2003 can take within a network. Note that the choice of role is a function of the security model and the types of tasks that the server will handle.

Teaching Tip

Make sure students understand the distinction between the workgroup and domain models and among the standalone, member, and domain controller server roles. These concepts are central to understanding this chapter.

Workgroups

1. In this section, the textbook describes the Windows workgroup model and how a Windows 2003 Server can be used within the model. Note that the workgroup model doesn't explicitly require a server because the member systems rely on a local database called the Security Accounts Manager database for authentication.

2. Discuss with students the advantages, such as simplicity, and the disadvantages, such as scalability, of this model. Ask students to think about when it makes sense for individual users to manage their systems and what security issues might arise. Give them a general rule that workgroups with more than 10 clients begin to get unwieldy.

3. Note that when a Windows Server 2003 system is configured as part of a workgroup, it will be set up as a standalone server.

Domains

1. This section describes the second Windows security model, the Domain model. Note that this model relies on centralized authentication and administration through a centralized database called Active Directory.

2. Although the concept of administration in the domain model is that it is centralized, make sure that students understand that this does not necessarily mean that the database is physically centralized. It may be stored on one or more computers configured as domain controllers.

3. Note that a domain controller in a Windows Server 2003 environment can be running under several different Windows operating system versions, depending on functional levels required. Students may want to look at the Windows Server 2003 Help and Support Center to get an idea of the different functional levels.

4. Be sure that students understand that the domain model is the one normally recommended for systems of more than 10 workstations.

5. Discuss the use of more than one domain controller within an environment to support fault tolerance and load balancing.

Member Servers

1. This section defines what a member server is and what services it might commonly provide.

2. Have students compare the figures that illustrate the Computer Name tab of the System Properties window for a member server and for a workgroup member.

3. Note that any of the four editions of Windows Server 2003 can be configured as a member server in a domain environment.

Domain Controllers

1. This section describes what the role of a domain controller is. Note what services a domain controller must provide.

2. Be sure to point out that a server in the role of a domain controller can also provide file, print, and other services on a network. Ask students to describe what factors might go into deciding when a domain controller might reasonably take on other services as well.

3. Note that a server can be configured as a domain controller using either the Active Directory Installation Wizard or the Configure Your Server wizard.

Activity 1-2: Determining the Domain or Workgroup Membership of a Windows Server 2003 System

1. In this activity, students will determine the domain or workgroup membership of the workstation they are using. Remind them that determining and understanding the system properties of a workstation is a necessary part of network administration.

Computer Accounts

1. Discuss what computer accounts provide and what Windows operating systems support them.

2. Note how computer accounts are represented and that they can be viewed using Administrative tools.

Activity 1-3: Viewing and Configuring Computer Account Settings in Active Directory Users and Computers

1. This activity shows students how to view computer account settings and properties using the Active Directory Users and Computers administrative tool. Students will return to this tool later in the book as well.

Quick Quiz

1. What are the four editions of Windows 2003 Server?

Answer: Standard, Enterprise, Datacenter, and Web

2. When is a Windows Server 2003 system deployed as a standalone server?

Answer: When it is configured as a member of a workgroup

3. What is the name of the local account database that manages authentication on a workstation in a workgroup?

Answer: The SAM (Security Accounts Manager) database

4. What is the name of the centralized account database that manages authentication on a workstation in a domain?

Answer: Active Directory

Network Management and Maintenance Overview

1. This section provides an overview of the five broad categories of tasks that an administrator will need to master for Microsoft exam 70-290, Managing and Maintaining a Microsoft Windows Server 2003 Environment. Each of these categories will be addressed in more detail in later chapters of the book.

Teaching Tip

It might be useful to ask students what tasks they believe a network administrator would need to perform before starting this section. They may be surprised at the breadth of tasks.

Managing and Maintaining Physical and Logical Devices

1. A network administrator will be responsible for installing hardware and software, configuring the network for optimum performance, and recognizing and resolving problems that occur.

2. Ask students to name some hardware devices that might be required for a server installation. Once the hardware is installed, what other steps might be necessary for an administrator to take?

3. Note that when managing server disks, an administrator will need to be familiar with what types of disks are available and will need to know how to configure and maintain them. The administrator should be familiar with fault tolerance techniques and with the various tools, utilities, and techniques needed for the best possible performance of the network.

Managing Users, Computers, and Groups

1. One of the primary tasks an administrator faces is the maintenance of user accounts. Remind students that security is a huge concern in all organizations.

2. Windows Server 2003 Active Directory includes many tools and features to allow an administrator to automate many account-related tasks for user and computer accounts.

3. A number of different types of groups and scopes can be supported and an administrator must be able to maintain group accounts as well as individual user accounts.

4. Another administrator responsibility is managing user desktop environments, which in Windows Server 2003 environments is done using user profiles.

5. As a preface to Activity 1-4, ask students what they think is the most common task that a network administrator performs for user accounts, and give hints such as "What is the most common problem you have with your own accounts?" to see if they can come up with resetting passwords on their own.

Activity 1-4: Resetting a Domain User Account Password Using Active Directory Users and Computers

1. This activity has students reset a user password using the Active Directory Users and Computers tool. In this model of password resetting, the administrator supplies a temporary password and makes the user change it during login. Describe the alternate model of simply changing the password. Remind students that they will undoubtedly face this task at some point; it is indeed a very common problem.

Managing and Maintaining Access to Resources

1. What is the primary reason for implementing a network? To allow users to share resources, of course. Ask students to name some resources that are very helpful to share.

2. The two most common methods of enabling sharing of resources are using the Windows Explorer interface and the Computer Management administrative tool.

3. Note that there are two main methods of securing shared resources: 1) shared file permissions that apply for access over a network; and 2) NTFS permissions that apply to all access attempts.

4. It is often desirable to centralize some software applications and make them available to users through a service known as Terminal Services. An administrator must understand the security issues that permit applications to be shared in this manner without opening the environment to potentially harmful interactions.

Managing and Maintaining a Server Environment

1. This category covers a broad range of tasks that are important in the day-to-day ongoing operation of a Windows Server 2003 environment. Two tools that are commonly used to monitor and troubleshoot an environment are Event Viewer and System Monitor. Event Viewer is particularly important in gathering information needed to diagnose problems when errors occur. In contrast, the System Monitor utility is used to monitor and understand server performance.

2. Note that updates and patches are common and that the Windows Server 2003 administrator should be able to install and maintain them. Administrators are also responsible for the often-unappreciated task of maintaining disk quotas and for managing print queues and printer security.

3. There are several remote management tools that administrators need to be familiar with, such as the Microsoft Management Console (MMC) that is the subject of the next activity. All of these tools and tasks will be reviewed in detail in later chapters; it is only necessary to be aware of them at this point.

Activity 1-5: Creating a Custom Microsoft Management Console

1. In this activity, a custom MMC is created. This is important because it allows commonly used tools to be grouped together in a single, easily accessible console. Remind students that taking the time to set up a console can save time and frustration over the long run.

Managing and Implementing Disaster Recovery

1. Reinforce the notion that disaster recovery is possible only when proper procedures are implemented and followed before disaster occurs. Most students have had experiences where backup procedures (or the lack thereof) had some impact on their lives; it might be interesting to share some stories.

2. Windows Server 2003 provides Windows Backup as the main backup resource. The administrator should be familiar with different backup types, scheduling automatic backups for both users and system state, and with restoring backed-up information.

3. Several new features are available on Windows Server 2003. One allows an administrator to write critical configuration to a floppy disk and, when necessary, restore the operating system to the most current configuration. A second feature allows users to restore previous versions of files without administrative support.

Introduction to Windows Server 2003 Active Directory

1. This section describes Active Directory, the native directory service included with Windows Server 2003 operating systems, and the services it provides.

2. Make sure that students understand the process of multimaster replication that is used by Active Directory with multiple domain controllers.

3. Note that Active Directory uses the Domain Name Service (DNS) to maintain domain-naming structures and locate network resources.

Active Directory Objects

1. Discuss with students what an Active Directory object represents and how it is stored in the directory database. How would you locate information about an object from Active Directory?

Active Directory Schema

1. This section defines and describes Active Directory schema and the two main definitions of the schema, object classes and attributes.

2. Note that the Active Directory database stores and replicates the schema partition to all domain controllers in the environment and allows the network administrator to dynamically update and extend it.

Active Directory Logical Structure and Components

1. This section describes the logical components that make up an Active Directory Structure. Note that it is important to understand these components because network administrators must both design and administer the logical structure of the network.

Domains and Organizational Units

1. An Active Directory domain is a structured organization of objects that share a common directory database. Make sure that students understand the concepts of domain, domain controller, and the role that Active Directory plays in maintaining the structure of the domain.

2. Within a domain, objects are placed in logical containers called Organizational Units (OUs). Discuss possible logical divisions of objects such as departmental, geographic, etc.

3. Within an OU, it is possible to further refine permissions using Group Policy settings.

4. It is also possible to delegate administrative control over OUs and other very specific tasks.

Trees and Forests

1. This section describes how to create multiple domains within an organization. Discuss with students some different reasons for needing to do this.

2. Students must understand the concepts of trees, forest root domains, and the transitive trust relationship that holds between child and parent domains.

3. Note that a forest is a collection of trees that do not share a contiguous DNS naming structure. Ask students to consider situations in which it would make sense to create a forest structure. Ensure that students understand that trees in a forest do share an Active Directory schema, an Enterprise Admins group, and a global catalog.

Global Catalog

1. Discuss the four main functions of a global catalog and the types of attributes that would be available there.

2. Note that the first domain controller in a forest automatically becomes a global catalog server and that others can be configured. Briefly mention Universal group caching as an alternate to global catalogs.

Active Directory Communications Standards

1. This section discusses the Lightweight Directory Access Protocol (LDAP) that is used to query or update the Active Directory Database directly. It defines the two main components of the naming paths used for referring to objects within LDAP, distinguished names and relative distinguished names.
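The relationship between a distinguished name and its relative distinguished names can be shown with a short parser. This is an added example, not material from the textbook or instructor guide; the sample DN and the function names are constructed for illustration, and multi-valued RDNs joined with `+` are not handled.

```python
"""Split an Active Directory distinguished name (DN) into its RDNs.

Added illustration: SAMPLE_DN and all function names are constructed here.
"""
import string

# Constructed sample: a user whose common name contains an escaped comma.
SAMPLE_DN = r"CN=Smith\, Jane,OU=Sales,OU=Staff,DC=corp,DC=example,DC=com"


def split_dn(dn):
    """Return the RDN strings of a DN, splitting only on unescaped commas."""
    rdns, current, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            current.append(dn[i:i + 2])   # keep the escape with its character
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(current).lstrip())
            current = []
        else:
            current.append(ch)
        i += 1
    rdns.append("".join(current).lstrip())
    return rdns


def unescape(value):
    """Undo backslash escapes: '\\,' style and two-digit hex pairs like '\\2C'."""
    out, i = bytearray(), 0
    while i < len(value):
        ch = value[i]
        if ch == "\\" and i + 1 < len(value):
            pair = value[i + 1:i + 3]
            if len(pair) == 2 and all(c in string.hexdigits for c in pair):
                out.append(int(pair, 16))  # hex pair encodes one UTF-8 byte
                i += 3
                continue
            ch = value[i + 1]              # escaped literal character
            i += 1
        out += ch.encode("utf-8")
        i += 1
    return out.decode("utf-8")


def parse_dn(dn):
    """Return [(attribute, value), ...] from the leaf object up to the root."""
    parts = []
    for rdn in split_dn(dn):
        attr, sep, value = rdn.partition("=")
        if not sep or not attr:
            raise ValueError(f"not an attribute=value pair: {rdn!r}")
        parts.append((attr.strip(), unescape(value)))
    return parts


def relative_dn(dn):
    """The RDN names the object only within its parent container."""
    return split_dn(dn)[0]


def parent_dn(dn):
    """The DN of the container that holds the object."""
    return ",".join(split_dn(dn)[1:])


def dns_domain(dn):
    """The DC components, joined with dots, give the domain's DNS name."""
    return ".".join(v for a, v in parse_dn(dn) if a.upper() == "DC")


if __name__ == "__main__":
    print("RDN:       ", relative_dn(SAMPLE_DN))
    print("Parent DN: ", parent_dn(SAMPLE_DN))
    print("DNS domain:", dns_domain(SAMPLE_DN))
    for attr, value in parse_dn(SAMPLE_DN):
        print(f"  {attr:<3} {value}")
```

The escaped comma is the detail to watch: splitting a DN naively on every comma would break this name into a nonexistent extra container.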

Active Directory Physical Structure

1. In this section, the physical rather than logical structure of an Active Directory database is discussed. There are several important considerations that should be taken into account when designing this structure, particularly the performance of replication requests and the effect this may have on overall network performance. Ask students to consider what might happen if replication takes too long or if it happens too frequently and extensively.

2. Important concepts to understand in physical configuration are Active Directory sites and site links. When discussing sites, make sure that the problem of connection reliability is noted. Site links represent the connections among sites while sites represent the actual subnets within the network. Attributes of site links include replication availability, bandwidth costs, and replication frequency.

3. Discuss the process of replication (based on a change notification process) and the default settings for change announcements within and between sites.

Teaching Tip

Make sure students understand the distinction between the physical and logical structure of Active Directory. The logical structure is used to organize network resources while the physical structure is used to control network traffic.

Quick Quiz

1. What naming convention does Active Directory use to maintain domain-naming structures and network resources?

Answer: Domain Name Service (DNS)

2. How many Active Directory schemas are there in a Windows Server 2003 environment with four domain controllers?

Answer: One

3. True or False: An Active Directory forest can consist of a single domain.

Answer: True

4. When referring to objects stored within the Active Directory, what naming convention is followed?

Answer: Lightweight Directory Access Protocol (LDAP)

Class Discussion Topics

1. If you (as a network administrator) were asked to set up a new Windows Server 2003 environment, what would be the first decision to make? What characteristics of the organization would you look at to help with the decision?

2. Under what circumstances would you consider setting up your network as a Windows workgroup? What advantages and disadvantages would you encounter using this model?

3. What does Disk Defragmenter do and how does it help with achieving optimal performance? What other tools are available to keep performance problems to a minimum?

4. What kinds of problems might be encountered when an Active Directory schema must be replicated across domain controllers (or anytime databases must be replicated for that matter)? What other ways can you think of to provide fault tolerance in databases?

Additional Projects

1. Research some tools and utilities that could be added to a custom Microsoft Management Console (MMC). What would your custom console be and why?

2. Find and run the Event Viewer and System Monitor tools. What information did you find there? Do some research to see what the information is and how to use it.

3. Research the different types of backup and restore that various operating systems support. What are the advantages and disadvantages of each? How important is a backup plan in an enterprise?

Solutions to Additional Projects

1. Tools available as Snap-ins include: ActiveX Controls, Certificates, Event Viewer, and Removable Storage Management. To see the complete list on your machine, use the directions given in Activity 1-5 to look at the Snap-In list in the MMC. Some candidates that would be generally useful are Disk Defragmenter, Event Viewer, Performance Logs and Alerts, and Local Users and Groups. Preference for particular tools and utilities is something that will become apparent depending on the specific responsibilities that are required.

2. The Event Viewer provides a set of Application, Security, and System logs that describe error events and warnings, as well as security events such as log-ons. System Monitor is a real-time execution monitor that describes current performance in terms of data being handled over time, data moving from memory to disk, and pending disk requests. It can create logs and alerts to allow the administrator to see trends and be warned when certain events occur.

3. Different types of backup include full, incremental, differential, copy backup, daily backup, volume shadow copy and system state backups. Backup is one of the most important responsibilities that an administrator faces because, once data loss occurs, it can be devastating in terms of time and intellectual effort. For example, an organization could lose days or even months that had been spent working on a project. It is important to decide on a schedule for backup that takes into account system load at various times, how often system state changes, and how often data files change. The different types of backup mainly differ in how much information is stored and how it affects files that are being used during the backup. The tradeoffs are, of course, in the amount of information that must be copied and stored and the amount of time that it takes to do both backups and restores. Generally, the faster the backup, the slower the restore and vice versa. For example, a full backup copies all information while incremental backup copies only information that has changed. Therefore, a full backup takes longer to do than an incremental backup. However, to restore all information, if you've done incremental backups, it is necessary to go back to the last full backup, restore that, then restore all incrementals. If you did only full backups, you could just restore the last one and it would take less time.
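The backup-versus-restore tradeoff in solution 3 can be worked through with a small restore-chain planner. This is an added example, not part of the instructor guide: the schedules and sizes are constructed, and it goes beyond the full-versus-incremental case in the text by also covering differential backups, assuming the usual Windows Backup behaviour in which an incremental job clears the archive attribute and a differential job does not.

```python
"""Restore-chain planner for full, incremental and differential backups.

Added illustration: all schedules and sizes below are constructed sample data.
"""
from dataclasses import dataclass

KINDS = {"full", "incremental", "differential"}


@dataclass(frozen=True)
class Job:
    day: int       # day number within the schedule
    kind: str      # one of KINDS
    size_gb: int   # amount of data this job copied


def restore_chain(history, target_day):
    """Return, in restore order, the jobs needed to recover target_day's state."""
    jobs = sorted((j for j in history if j.day <= target_day),
                  key=lambda j: j.day)
    for job in jobs:
        if job.kind not in KINDS:
            raise ValueError(f"unknown backup kind: {job.kind!r}")
    full_positions = [i for i, j in enumerate(jobs) if j.kind == "full"]
    if not full_positions:
        raise ValueError("no full backup on or before the target day")
    start = full_positions[-1]
    chain = [jobs[start]]          # always begin with the latest full backup
    differential = None
    for job in jobs[start + 1:]:
        if job.kind == "incremental":
            chain.append(job)      # every incremental since the full is needed
            differential = None    # it also covers any earlier differential
        else:
            differential = job     # only the newest differential matters
    if differential is not None:
        chain.append(differential)
    return chain


def summary(history, target_day):
    """Return (GB copied by all jobs up to target_day, jobs needed to restore)."""
    copied = sum(j.size_gb for j in history if j.day <= target_day)
    return copied, len(restore_chain(history, target_day))


# Constructed week: 100 GB of data, 5 GB of it changing each day.
FULL_ONLY = [Job(d, "full", 100) for d in range(6)]
FULL_PLUS_INCREMENTAL = [Job(0, "full", 100)] + [
    Job(d, "incremental", 5) for d in range(1, 6)]
FULL_PLUS_DIFFERENTIAL = [Job(0, "full", 100)] + [
    Job(d, "differential", 5 * d) for d in range(1, 6)]
MIXED = [Job(0, "full", 100), Job(1, "incremental", 5),
         Job(2, "differential", 5), Job(3, "incremental", 10),
         Job(4, "differential", 5), Job(5, "differential", 10)]

if __name__ == "__main__":
    for name, schedule in [("full only", FULL_ONLY),
                           ("full + incremental", FULL_PLUS_INCREMENTAL),
                           ("full + differential", FULL_PLUS_DIFFERENTIAL),
                           ("mixed", MIXED)]:
        copied, jobs_needed = summary(schedule, 5)
        days = [j.day for j in restore_chain(schedule, 5)]
        print(f"{name:<20} copied={copied:>3} GB  "
              f"restore jobs={jobs_needed}  days={days}")
```

A chain is only as good as its weakest member: if any job in the returned list is unreadable, the restore stops at the job before it, which is why longer incremental chains call for regular restore tests.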